A.0 RADIUS Attribute Definitions

This section describes the RADIUS attributes and possible values of an attributes in the base schema.

Attribute Name

Description

Values

radiusArapFeatures

The password information that the NAS should send to the user in an ARAP feature flags packet.

radiusArapSecurity

An ARAP security module to be used in an access-challenge packet.

radiusArapZoneAccess

Usage of the ARAP zone list for the user.

1=Only allow access to the default zone

2=Use the zone filter inclusively

4=Use the zone filter exclusively

radiusCallbackId

The name of a place to be called or interpreted by the NAS.

radiusCallbackNumber

The dialing string to be used for callback.

radiusCalledStationId

Allows the NAS to use the Access-Request packet to send the phone number that the user called, using Dialed Number Identification (DNIS) or similar technology.

radiusCallingStationId

Allows the NAS to use the access-request packet to send the phone number that the call came from, using Automatic Number Identification (ANI) or similar technology.

radiusClass

Multivalued attribute sent by the RADIUS server to the client to be forwarded to the RADIUS accounting server.

radiusFilterId

The name of the filter list for the user.

radiusFramedAppleTalkLink

The AppleTalk network number that should be used for the serial link to the user, which is another AppleTalk router.

radiusFramedAppleTalkNetwork

The AppleTalk Network number that the NAS should probe to allocate an AppleTalk node for the user.

radiusFramedAppleTalkZone

The AppleTalk Default Zone to be used for this user.

radiusFramedCompression

The compression protocol to be used for the link.

0=None

1=VJ TCP/IP header compression [10]

2=IPX header compression

3=Stac-LZS compression

radiusFramedIPAddress

The address to be configured for the user.

IP address

radiusFramedIPNetmask

The IP netmask to be configured for the user.

IP address

radiusFramedIPXNetwork

The PX network number to be configured for the user.

radiusFramedMTU

The maximum transmission unit to be configured for the user.

radiusFramedProtocol

The framing to be used for framed access.

1=PPP

2=SLIP

3=AppleTalk Remote Access Protocol (ARAP)

4=Gandalf proprietary SingleLink/MultiLink protocol

5=Xylogics proprietary IPX/SLIP

6=X.75 Synchronous

radiusFramedRoute

Multivalued attribute for routing information to be configured for the user on the NAS.

radiusFramedRouting

The routing method for the user, when the user is a router to a network.

0=None

1=Send routing packets

2=Listen for routing packets

3=Send and Listen

radiusIdleTimeout

Sets the maximum number of consecutive seconds of idle connection allowed to the user before termination of the session or prompt.

radiusLoginIPHost

Indicates the system to use for connecting to the user.

radiusLoginLATGroup

Describes the LAT group codes that the user is authorized to use.

radiusLoginLATNode

The node to use for automatically connecting the user through LAT.

radiusLoginLATPort

The port to use for connecting the user through LAT.

radiusLoginLATService

The system to use to connect the user through LAT.

radiusLoginService

The service to use to connect the user to the login host.

0=Telnet

1=Rlogin

2=TCP Clear

3=PortMaster (proprietary)

4=LAT

5= X25-PAD

6= X25-T3POS

8=TCP Clear Quiet (suppresses any NAS-generated connect string)

radiusLoginTCPPort

The TCP port with which the user is to be connected.

An integer i (0 < i < 65536).

radiusPasswordRetry

The number of authentication attempts a user is allowed to attempt before being disconnected.

Integer.

radiusPortLimit

The maximum number of ports to be provided to the user by the NAS.

Integer.

radiusPrompt

Indicates whether the NAS should echo the user’s response (to a challenge) as it is entered.

0=No Echo

1=Echo

radiusServiceType

The type of service the user has requested or the type of service to be provided.

1=Login

2=Framed

3=Callback Login

4=Callback Framed

5=Outbound

6=Administrative

7=NAS Prompt

8=Authenticate Only

9=Callback NAS Prompt

10=Call Check

11=Callback Administrative

radiusSessionTimeout

The maximum number of seconds of service to be provided to the user before termination of the session or prompt.

Integer.

radiusTerminationAction

Indicates the kind of action the NAS should take when the specified service is completed.

0=Default

1=RADIUS-Request

radiusTunnelAssignmentId

Multivalued attribute that is used to indicate to the tunnel initiator the particular tunnel to which a session is to be assigned.

radiusTunnelMediumType

Multilevel attribute used to indicate which transport medium to use when creating a tunnel for protocols (such as L2TP) that can operate over multiple transports.

1 IPv4 (IP version 4)

2 IPv6 (IP version 6)

3 NSAP

4 HDLC (8-bit multidrop)

5 BBN 1822

6 802 (includes all 802 media plus Ethernet canonical format)

7 E.163 (POTS)

8 E.164 (SMDS, Frame Relay, ATM)

9 F.69 (Telex)

10 X.121 (X.25, Frame Relay)

11 IPX

12 Platelike

13 Decant IV

14 Banyan Vines

15 E.164 with NSAP format subduers

radius Tunnel Password

The password to be used to authenticate to a remote server.

radius Tunnel Preference

Multilevel attribute that should be included in each set to indicate the relative preference assigned to each tunnel, when more than one set of tunneling attributes is returned by the RADIUS server to the tunnel initiator.

radius Tunnel Private Group Id

Multilevel attribute that indicates the group ID for a particular tunneled session.

radius Tunnel Server Endpoint

Multilevel attribute that indicates the address of the server end of the tunnel.

radius Tunnel Type

Multivalued attribute that indicates the tunneling protocols to be used for a tunnel initiator or the tunneling protocol in use for a tunnel terminator.

1 Point-to-Point Tunneling Protocol (PPTP) [1]

2 Layer Two Forwarding (L2F) [2]

3 Layer Two Tunneling Protocol (L2TP) [3]

4 Ascend Tunnel Management Protocol (ATMP) [4]

5 Virtual Tunneling Protocol (VTP)

6 IP Authentication Header in the Tunnel-mode (AH) [5]

7 IP-in-IP Encapsulation (IP-IP) [6]

8 Minimal IP-in-IP Encapsulation (MIN-IP-IP) [7]

9 IP Encapsulating Security Payload in the Tunnel-mode (ESP) [8]

10 Generic Route Encapsulation (GRE) [9]

11 Bay Dial Virtual Services (DVS)

12 IP-in-IP Tunneling [10]

radiusVSA

Multivalued RADIUS vendor-specific attributes.

radiusTunnelClientEndpoint

Multivalued attribute that has the address of the initiator end of the tunnel.

radiusAuthType

Authentication types such as MS-CHAP or NS-MTA-MD5.

radiusClientIPAddress

The client through which the user requests must be sent.

IP address

radiusGroupName

Multivalued attribute that lists the groups the user belongs to.

radiusHint

Provides a hint for the user.

radiusHuntgroupName

Multivalued attribute of Huntgroup for the user.

radiusProfileDn

The DN of radiusProfile object for this user.

radiusProxyToRealm

The FreeRADIUS (non-protocol) attribute used to forward RADIUS requests.

radiusReplicateToRealm

A deprecated FreeRADIUS attribute.

radiusRealm

A FreeRADIUS (non-protocol) attribute.

radiusSimultaneousUse

Limits the number of times one user account can log in.

radiusLoginTime

A FreeRADIUS (non-protocol) attribute used to define the time span during which a user can log in to the system.

radiusUserCategory

A FreeRADIUS (non-protocol) attribute. Refers to the definition of a group to which the user belongs.